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DETAILED ACTION 

1. . Claims 1-27 are pending. 

Claim Objections 

2. Claim 20 is objected to because of the following informalities: the limitation "The 
preset time" should be amended to read "the present time." Appropriate correction is 
required. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

1 . Claims 1 and 27 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. 

2. Regarding claim 1, the claim is directed towards nonstatutory subject matter. 
The cited claim is an example of functional descriptive material consisting of data 
structures and programs that impart functionality when employed as executed by a 
computer component. The functionality of functional descriptive material is realized only 
when the functional descriptive material is claimed as being embodied on a tangible 
computer readable medium and is claimed as executed by a computer component. The 
cited claims provide no tangible computer components that work in conjunction with the 



Application/Control Number: 10/790,655 Page 3 

Art Unit: 2134 

functional descriptive material to impart functionality and as a result the claims are not 
statutory because they fail the practical application requirement of § 101 by failing to 
provide a useful, concrete, and tangible result (see MPEP 2106). 
3. Regarding claim 27, the claimed program comprised of a computer data signal 
embodied by a carrier wave is non-statutory because a carrier wave is intangible. The 
functionality of functional descriptive material is realized only when the functional 
descriptive material is claimed as being embodied on a tangible computer readable 
medium and is claimed as executed by a computer component. The cited claims do 
not provide tangibly embodied functional descriptive material and as a result the claims 
are not statutory because they fail the practical application requirement of § 101 by 
failing to provide a useful, concrete, and tangible result (see MPEP 2106). 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claims 2-27 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

4. Regarding claims 2-25, the claimed "search process" is indefinite because it is 
defined as "searching the flowing-in path of the unauthorized access" while dependent 
claims 3 and 4 limit the search process to starting when unauthorized access is 
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detected. These limitations seem to conflict because the search process of claim 2 is 
defined as searching that which claim 3 defines as starting the process. Thus, it is 
unclear to the Examiner how a detection of an unauthorized access is made if the 
search process only searches that which has already been defined as an unauthorized 
access. 

5. Regarding claim 7, the claimed "mutual attestation" is indefinite because it is 
unclear what the flow source and notification unit are mutually attesting to. 

6. Regarding claims 13-14, the claimed judgment step is indefinite because it is 
unclear what is being judged. The claims provide for "judging whether... the 
determination is notified to the flow source." However, parent claim 2 provides for a 
notification process. Thus, it appears that claim 13 requires judging whether an action 
required by claim 2 is completed. If the action must be completed, as is required in 
claim 2, then it is unclear to the Examiner how claim 13 further limits its parent. 

7. Regarding claim 14, the claimed "judgment information" lacks antecedent basis 
and thus is indefinite. Examiner is unable to determine what the judgment information is 
comprised of. 



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
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A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

8. Claims 1-9, 12-18, and 22-27 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Talpade et al US PGPub 2004/0148520. 

9. With regards to claim 1, Talpade teaches an unauthorized access prevention 
system (Talpade, Abstract, when attack is detected, mitigate the attack), including: a 
search unit searching the flowing-in path of unauthorized access to services disclosed 
from a user's communication network (Talpade, paragraph 0017, sensor 204 detects an 
attack, traffic entering the customer network); a determination unit determining a place 
to implement a countermeasure for protecting the services from the unauthorized 
access based on the result of the search (Talpade, paragraph 0024, automatically 
mitigates attack by informing affected edge routers); and a notification unit notifying, 
according to a determination that the countermeasure is implemented in the flow source 
that makes the unauthorized access flow into the user's communication network, the 
determination to a flow source (Talpade, paragraph 0024, new routing information is 
sent to the border and edge routers). 

10. With regards to claim 2, Talpade teaches a recording medium in which a 
program that directs a computer to implement a countermeasure against unauthorized 
access is recorded and in which the program can be read by the computer, and the 
program directs the computer to perform the following processes by being executed by 
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the computer (Talpade, paragraph 0019, host platform): a search process of searching 
the flowing-in path of the unauthorized access to the services disclosed from the user's 
communication network (Talpade, paragraph 0017, sensor 204 detects an attack, traffic 
entering the customer network); a determination process of determining the place to 
implement the countermeasure for protecting the services from the unauthorized access 
based on the result of the search (Talpade, paragraph 0024, automatically mitigates 
attack by informing affected edge routers); and a notification process of notifying, 
according to a determination that the countermeasure is implemented in the flow source 
that makes the unauthorized access flow into the user's communication network, the 
determination to the flow source (Talpade, paragraph 0024, new routing information is 
sent to the border and edge routers). 

1 1 . With regards to claim 3 (as best understood), Talpade teaches the search 
process is performed by a computer when the unauthorized access is detected 
(Talpade, paragraph 0020, sensor detects and analyzes packets using first, second, 
and third set of sensors). 

12. With regards to claim 4 (as best understood), Talpade teahces the search 
process is performed by the computer when the detection of the unauthorized access is 
notified (Talpade, paragraph 0020, sensor detects and analyzes packets using first, 
second, and third set of sensors). 

13. With regards to claim 5, Talpade teaches the process of searching the flowing- 
in path is performed by the computer based on the monitoring information on the traffic 
transmitted by a user's communication network and the unauthorized access 
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information indicating the contents of the unauthorized access (Talpade, paragraph 
0020, searching is based upon all traffic entering customer network, searching looks at 
information in headers - sensor two). 

14. With regards to claim 6, Talpade teaches the monitoring information includes at 
least the position information on an edge router arranged on the border between the 
user's communication network and the communication network adjacent to the user's 
communication network and the monitoring information on the traffic that flows into the 
user's communication network via the edge router (Talpade, paragraph 0020, position 
information - monitors all traffic entering a particular customers network, paragraph 
0024, informs all border/edge routers for the customer network to reroute traffic). 

15. With regards to claim 7 (as best understood), Talpade teaches the process of 
notifying the determination to the flow source after mutual attestation is conducted 
between the notification unit and the flow source of the unauthorized access is 
performed by the computer (Talpade, paragraph 0024, new routing information is sent 
to border/edge routers). 

16. With regards to claim 8, Talpade teaches the process of notifying the 
determination to the flow source after information on a security policy for the operation 
of each network is exchanged with the flow source that transmits the unauthorized 
access is performed by the computer (Talpade, paragraph 0024, security policy in the 
form of new routing information is sent to border/edge routers). 

17. With regards to claim 9, Talpade teaches information on a security policy is the 
information indicating the time required till the countermeasure against the unauthorized 
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access is cancelled after the unauthorized access is not detected any more (Talpade, 
paragraph 0028, periodic polling to determine if attack has completed). 

18. With regards to claim 12, Talpade teaches the process of notifying the flow 
source of the unauthorized access of the determination using the communication path 
that differs from the flowing-in path of the unauthorized access is performed by the 
computer (Talpade, paragraph 0023, notification is provided through IP tunnels). 

19. With regards to claim 13 (as best understood), Talpade teaches the notification 
process directs the computer to perform the process of judging whether, when it is 
determined that the countermeasure is implemented in the flow source that makes the 
unauthorized access flow into the user's communication network, the determination is 
notified to the flow source; by having the program executed by the computer; the 
unauthorized access countermeasure implementation control process that has the 
countermeasure for protecting the services from the unauthorized access implemented 
in the flow source when it is judged that the determination will not be notified to the flow 
source based on the above notification process is further performed by the computer 
(Talpade, paragraph 0024, new routing information is sent to border/edge routers): 

20. With regards to claim 14, Talpade teaches the judgment is made based on the 
judgment information on the flow source that is given in advance (Talpade, paragraph 

0020, judgment whether to send notification determined from sensor findings in 
advance of sending notification). 

21 . With regards to claim 15, Talpade teaches that by having the program 
executed by the computer; the unauthorized access countermeasure implementation 
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control process that has the countermeasure for protecting the services from the 
unauthorized access implemented in the user's communication network based on the 
determination that said countermeasure is implemented in the user's communication 
network is performed by the computer (Talpade, paragraph 0024, implemented by 
analysis engine and filter router). 

22. With regards to claim 16, Talpade teaches the process of implementing the 
countermeasure in the POP (point of presence) edge router to which the flow source of 
the unauthorized access is connected is performed by the computer (Talpade, 
paragraph 0024, new routing information is sent to border/edge routers). 

23. With regards to claim 17, Talpade teaches the process of identifying the POP 
edge router to which the transmitter that transmits the unauthorized. access is 
connected based on the information obtained from the operation management system 
that manages the operation of the user's communication network is further performed by 
the computer (Talpade, paragraph 0024, analysis engine/ISP manager/filter routers 
determine provide new routing tables to mitigate attack). 

24. With regards to claim 18, Talpade teaches that by having the program 
executed by the computer; the process of obtaining a notification of the determination 
that unauthorized access to the services disclosed from a communication network 
different from the user's communication network is made to flow into said other 
communication network is further performed by the computer (Talpade, paragraph 
0017, sensor 204 detects an attack, traffic entering the customer network); and the 
process of implementing the countermeasure for protecting the services disclosed from 
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said other communication network from the unauthorized access related to the 
notification in the user's communication network when the notification is obtained by the 
notification obtaining process is performed by the computer (Talpade, paragraph 0024, 
new routing information is sent to the border and edge routers). 
25. With regards to claim 22, Talpade teaches that by having the program 
executed by the computer; the process-of obtaining a notification of the determination 
that unauthorized access to the services disclosed from a communication network 
different from the user's communication network is made to flow into said other 
communication network is performed by the computer (Talpade, paragraph 0017, 
sensor 204 detects an attack, traffic entering the customer network); the process of 
searching the flowing-in path of the unauthorized access related to the notification in the 
user's communication network when the notification is obtained by the notification 
obtaining process is performed by the computer (Talpade, paragraph 0017, sensor 204 
detects an attack); the process of determining the place to implement the 
countermeasure for protecting the services disclosed from said other communication 
network from the unauthorized access related to the notification based on the result of 
the search when the notification is obtained by the notification obtaining process is 
performed by the computer (Talpade, paragraph 0024, analysis engine/ISP 
manager/filter routers determine provide new routing tables to mitigate attack); and the 
process of notifying, according to a determination that the countermeasure is 
implemented in the flow source that makes the unauthorized access related to the 
notification flow into the user's communication network when the notification is obtained 
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by the notification obtaining process, the determination to the flow source is performed 
by the computer (Talpade, paragraph 0024, new routing information is sent to the 
border and edge routers). 

26. With regards to claim 23, Talpade teaches that by having the program 
executed by the computer; the unauthorized access countermeasure implementation 
control process that has the countermeasure for protecting the services disclosed from 
the user's communication network or the other communication network from the 
unauthorized access related to the notification implemented in the communication 
network of the notification source of the notification when the notification obtained by 
said notification obtaining process is the same as that obtained in the past is further 
performed by the computer (Talpade, paragraph 0024, countermeasures for all attacks 
created by implementing new routing information that is sent to the border and edge 
routers). 

27. With regards to claim 24, Talpade teaches the process of notifying the 
information that uniquely identifies the unauthorized access related to the notification 
when the determination is notified is performed by the computer (Talpade, paragraph 
0022, notification of attack is sent by sensor). 

28. With regards to claim 25, Talpade teaches having the program executed by the 
computer; the process of recording the history of the notification is further performed by 
the computer (Talpade, paragraph 0028, record of notifications stored such that 
analysis engine can later determine if the attack is completed). 
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29. With regards to claim 26, Talpade teaches an unauthorized access prevention 
method, including: searching the flowing-in path of unauthorized access to the services 
disclosed from the user's communication network (Talpade, paragraph 0017, sensor 
204 detects an attack, traffic entering the customer network); determining the place to 
implement the countermeasure for protecting the services from the unauthorized access 
based on the result of the search (Talpade, paragraph 0024, automatically mitigates 
attack by informing affected edge routers); and notifying, according to a determination 
that the countermeasure is implemented in the flow source that makes the unauthorized 
access flow into the user's communication network, the determination to the flow source 
(Talpade, paragraph 0024, new routing information is sent to the border and edge 
routers). 

30. With regards to claim 27, Talpade teaches a computer data signal embodied by 
a carrier wave and representing a program that directs a computer to implement a 
countermeasure against unauthorized access (Talpade, paragraph 0019, host platform), 
which, by having the program executed by the computer, directs the computer to 
perform the processes of; searching the flowing-in path of the unauthorized access to 
the services disclosed from the user's communication network (Talpade, paragraph 
0017, sensor 204 detects an attack, traffic entering the customer network); determining 
the place to implement the countermeasure for protecting the services disclosed from 
the user's communication network from the unauthorized access based on the result of 
the search (Talpade, paragraph 0024, automatically mitigates attack by informing 
affected edge routers); and notifying, according to a determination that the 
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countermeasure is implemented in the flow source that makes the unauthorized access 
flow into the user's communication network, the determination to the flow source 
(Talpade, paragraph 0024, new routing information is sent to the border and edge 
routers). 

Claim Rejections - 35 USC § 103 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

31. Claims 10-11, 19-21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Talpade et al US PGPub 2004/0148520 in view of Kaler et al US 
PGPub 2004/0003286. 

32. With regards to claim 10 (as best understood), Talpade fails to teach that the 
time indicated by the information on the security policy differs between the user 
communication network and the flow source, a shorter time of the two is used as the 
time required till the countermeasure against unauthorized access is cancelled after the 
unauthorized access is not detected any more. However, Kaler teaches that the time 
indicated by the information on the security policy differs between the user 
communication network and the flow source, a shorter time of the two is used as the 
time required till the countermeasure against unauthorized access is cancelled after the 
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unauthorized access is not detected any more (Kaler, paragraph 0036, time period for 
countermeasures if predefined in the threat source). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to utilize Kaler's 
method of timing countermeasures because it offers the advantage of increasing 
security and efficiency by allowing a countermeasure's time of enactment to be 
dependent upon the severity of the attack (Kaler, paragraph 0036). 

33. With regards to claim 11, Talpade as modified teaches the process of notifying 
the flow source of the determination and the information indicating the time required till 
the countermeasure against the unauthorized access is cancelled after the 
unauthorized access is not detected any more is performed by the computer (Kaler, 
paragraph 0036, time period for countermeasures if predefined in the threat source, 
paragraph 0021 , computer device). 

34. With regards to claim 19, Talpade teaches the countermeasure implemented 
by the unauthorized access countermeasure implementation control process is 
cancelled after the unauthorized access is not detected any more (Talpade, paragraph 
0028, determine when the attack is completed), but fails to teach a preset time. 
However, Kaler teaches a preset time for cancellation of countermeasures (Kaler, 
paragraph 0036, time period for countermeasures if predefined in the threat source). At 
the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to utilize Kaler's method of timing countermeasures because it offers the 
advantage of increasing security and efficiency by allowing a countermeasure's time of 
enactment to be dependent upon the severity of the attack (Kaler, paragraph 0036). 
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35. With regards to claim 20, Talpade as modified teaches the preset time is set 
based on the security policy on the network operation of both the user's communication 
network and the other communication network (Kaler, paragraph 0036, time period for 
countermeasures if predefined in the threat source depending on severity of the threat). 

36. With regards to claim 21, Talpade as modified teaches that when the times set 
between the user's communication network and the other communication network 
based on the security policy on the network operation of both networks differ between 
both networks, the countermeasure is cancelled after the unauthorized access is not 
detected any more and a shorter time of the two passes (Talpade, paragraph 0028, 
determine when the attack is completed, Kaler, paragraph 0036, time period for 
countermeasures if predefined in the threat source). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L. Nalven whose telephone number is 571 272 
3839. The examiner can normally be reached on Monday - Thursday 8-6, Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571 272 381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-91 99 (IN USA OR CANADA) or 571-272-1 000. 




